On Fri, Sep 14, 2007 at 02:14:12PM -0500, Mike Gerdts wrote: > I do like the idea of saying "add a user" or "alter this rights > profile". Sun or other distro maintainers shouldn't be the only once > to define and deliver the recognized actions.
Definitely. But someone should step up to the plate and write the code that modifies sudoers, and either integrate that into the packaging system proper, or deliver a separate package that delivers that one bit of code (drop the code into place in the right directory and as long as it's got the right interfaces, the packaging system will pick it up). Then anyone who wants to deliver a sudo "profile" (or whatever they're called) can depend on that package being on the system doing the installation. The world we want to want to move away from is where everyone delivers their own copy of something, which is slightly modified from the next guys, has different bugs, etc, etc. See, for example, the thousand-and-one copies of chk_update_drv() in drivers' postinstall scripts. Or bugs where packages have delivered outdated copies of i.manifest. Code to modify objects on the image being installed needs to be unique, but that needn't mean that Sun or opensolaris.org needs to be a bottleneck. Danek
